One of the most common criticisms of cryptocurrency and the blockchain industry is their inability to submit to regulation by competent authorities. This is not surprising considering the foundations of cryptocurrency: disdain for government control, utopian dreams to transcend fiat currencies and create a decentralized system.
However, digital coins exploded due to the success of Bitcoin (and its underlying blockchain tech), and regulation became almost inevitable for an industry that sought to be a paradigm shift. It is the EU General Data Protection Regulation that is most popular. But what does it mean for the cryptocurrency industry?
A Cryptocurrency Industry that is More Regulated
The GDPR, or the new Regulation as it is commonly known, was passed into law in 2016. It went into effect on May 25, 2018. This caused a frenzy among businesses who were eager to be GDPR-ready. Because of its stringent requirements, it is one of the most fearful legislative acts in the field data protection. GDPR compliance is now a priority for all companies and organizations.
Businesses must implement and set up a variety of organizational and technical measures to increase privacy and security in order to comply with GDPR’s provisions. Data discovery and classification are necessary to identify and address risks. Additionally, it is important for businesses to establish safeguards like pseudonymizing personal information through methods such as data masking. Companies must also monitor data access and be ready to respond to any data breaches. If a company is found to not be complying, they can face a fine up to EUR20m or 4% of their annual turnover, whichever is greater.
Many companies have invested significant money to ensure compliance due to the severe penalties for breaching obligations set out in the GDPR. What does this mean for cryptocurrency?
First, traders and exchanges in this field must adhere to the EU Regulation’s requirements when processing personal data about their clients. This includes personal details such as your bank information and the link to your wallet on a crypto exchange. It is not surprising that cryptocurrency exchanges are located in jurisdictions subject to financial regulations such as Know Your Customer (KYC), and anti-money laundering legislation. It is reported that although $48,000,000 is spent annually on KYC by financial institutions, a survey covering 25 cryptocurrency exchanges and wallet platforms in Europe and the US found that only 32% of them were fully compliant. It is clear to see how exchanges and similar activities fall within the GDPR scope as regulation becomes more common in the cryptocurrency industry.
Blockchain and GDPR
It is a little more difficult to understand the delicate balance between the GDPR and blockchain – as is specific cryptocurrencies. Research from 600 organizations found that 27% of respondents said that regulatory uncertainty was the greatest obstacle to mainstream blockchain adoption. Another 4% cited concerns about compliance and audit. 25 percent of respondents cited a lack trust among users. 6% were concerned about intellectual property. Statista has more infographics.
Privacy regulations such as the GDPR further complicate the landscape. Particularly, public blockchains store data that can be used to identify users in the contexts of the transparency approach. This data is stored immutably on ledgers and could violate EU rules. GDPR, on the other hand, advocates the right to request the deletion of personal data – which can be a problem given the immutability blockchain ledgers.
Additionally, cryptocurrencies can use personally identifiable information (PII), to record and transport transactions. They must take steps to ensure that the data is secure from cyber-attacks.
This makes perfect sense when GDPR is actually in effect. However, since it covers all companies that provide products or services, or just monitor the behavior of EU citizens, it is very likely that every cryptocurrency will be included in its scope. The GDPR’s emphasis on privacy could open up new opportunities for cryptocurrency.
As the cryptocurrency industry becomes more regulated, adhering the GDPR rules will have a profound impact on the sector. It will also trigger new developments in privacy and security.